Download either the 32-bit or 64-bit ISO file (to use the 64-bit ISO, the target PC only needs to have a 64-bit Intel/AMD CPU; the OS on the PC could be anything), then 'burn' the file to a CD. Note: This is very easy to do under Windows 7 by simply clicking on the .ISO file (all such files will open with: Windows Disc Image Burner). Most Linux/Mac distros come with ISO burning programs as well. Under Windows XP, you may need to install a program to do this.

NOTE: You can also create bootable Linux Live USB drives using this Windows program: Universal USB Installer where you will find instructions for doing so. Direct link: Download UUSB 1.9.6.0 (MD5 = D416A8A148DD763290EB644383CEDAC7). We've made our own page here as well for setting-up a bootable USB drive: Using UUSB 1.9.6.0 with an Ubuntu 10.04.4 LTS .iso file (can also be used with MANY other .iso distribution files!).

After burning the .ISO file to a CD, make sure the PC's BIOS is set to boot from the CD drive.

When the CD first boots-up, it will briefly show what's in Fig. 1 (at the bottom of the display). It will soon change to Fig. 2 (in center of display); the white dots turn into red ones then cycle through again, 3 to 4 times.

Then this "Install" window will appear.

Use the "Try Ubunutu..." button to load part of its OS into Memory (without making any changes to your PC's drive).

Do not remove the CD from the CD drive! (Remove it only after shutting down the Ubuntu OS when it asks you to do so.)

Note: Should you decide to 'Logout' or are asked the Username for some reason, the Username of this CD is: ubuntu (but there is no password!); if ever asked for the password, just continue without one.

The PC will eventually (give it time) boot into the Ubuntu Desktop screen (Fig. 4).     Use: "System" > "Preferences" > "Monitors" to change screen resolution.

Click on the "Places" menu, then choose "Computer" (see Figure 5).

Figure 5.

When the "Computer - File Browser" window appears (see Figure 6 above), you can select any storage media connected to the PC (hard drives, SSDs or USB drives) and examine it in detail. Here's part of a Windows 7 drive, showing the contents of its "System Reserved" partition under Ubuntu:


Figure 7.

You can also view files that are near impossible to access under Windows, such as "System Volume Information" folders and their tracking logs and databases. Clicking on a folder, such the "Boot" folder in Figure 7, will open a view of the files in that folder.

For readers of The Starman's Realm, one of its most important uses is to view and copy bytes of the first and following sectors of your boot drive! To do that, open a "Terminal" window (using menus in Figure 8), which will appear as it does here in Figure 9:

At the command prompt inside Terminal, you have access to many powerful utility programs such as dd and hexdump for viewing and copying the raw bytes of any storage media. The dd program can be both difficult and dangerous to use, so we will first use hexdump to view a drive's contents in the examples below, before writing data to a file in memory or to a USB drive (Note: When you connect a USB drive to the PC after Linux has boot-up, it should automatically find and mount that drive then place an icon like this on the Desktop: . Saving files to a USB drive is especially useful, if you have no Internet access, or wish to save a large amount of data.)

Most often the boot drive of a PC under Linux is referred to as the "sda" drive, where "a" means the first drive. If you connect a second or third drive, they would likely be sdb and sdc, etc. NOTE: If you have any IDE drives connected to your PC, they will likely be referred to as "hda" (or hdb, hdc, etc.).

Partitions on these drives start with a 1, so for a Windows 7 or later drive, the "System Reserved" partition would normally be accessed using the name "sda1" (but be aware that 'name brand' PCs may have a small partition installed by the manufacturer as the first one; or elsewhere):

So, in order to know what storage devices are connected to your PC, and how to refer to them in a command-line program, we believe most new users will prefer the built-in GUI program GParted (rather than using fdisk -l at the command prompt and attempting to interpret the data displayed there). Start GParted from the "System" and then "Administration" menu shown here:


Figure 10.

It will take some time for it to analyze all the drives' contents before showing the first drive. Use the pull-down menu in the upper-right area of its window to select other drives! Here's how a USB drive (with the name "sde" note: all storage devices are also prefixed by "/dev/") and its single FAT32 volume ('sde1') appeared:


Figure 11.
(GParted may have problems showing info about a USB drive; it did for us, but the OS will not have problems writing to it.)

Now try using the hexdump command, preceded by the "sudo" command as shown here (to view the beginning sectors of your first SATA drive):

Note: Under earlier versions (and some other current Linux distributions), hexdump will not provide you with the formatted output showing ASCII characters to the right of the data bytes as shown below (see Figures 12 and following); they do not have a "-C" switch which does this. The "v" must be added to show every byte rather than skip lines full of the same byte (and drives always have many lines of nothing but 'zero bytes' in them). We pipe ( | ) the output of hexdump through the less utility so we can see its contents one screen at a time; otherwise, it would continue spitting out the data all the way to the end of the drive! Use the PageDown and PageUp keys or the Up and Down Arrow keys to move forwards and backwards through the contents of the drive. Trying to use only these keys to get much further than a few hundred sectors into a drive would take too long a time; let alone viewing bytes all the way at the end of a large drive! (Solutions for doing so are found further below.)

Here's the output of the command above for the first sector of a Windows 7 OS boot drive (if you want to look at a 'slave drive' connected to your PC, it would likely be: /dev/sdb; a "b" instead of the "a"):


Figure 12.

Press the q key to 'quit' viewing.

If instead, you need to view the Volume Boot Record and following sectors of the first partition, simply add the digit '1' after sda (but note that the displayed offsets will begin at zero):

Another way to view the Volume Boot Record with the offsets counting from the beginning of the disk drive is to use the -s (skip) switch to jump directly to that sector. For most Windows 7 OS drives, we know the first Boot Record will begin at 2048 sectors (or exactly 2048 sectors times 512 bytes/sector = 1,048,576 bytes; 1 binary Mega Byte) into the disk drive, so we could use the command:

To learn more about the switches available when using hexdump and the options for entering a skip value, just enter:

which begins as follows:


Figure 13.

NOTE: Everything in Linux is case-sensitive. The -c (lower-casse) and -C (upper-case) options are different!

Note the "-C" switch which we've circled in Figure 13 above. The last part means we can use the abbreviated command 'hd' to do the same thing we did in command lines [1] - [3] above by replacing 'hexdump -C' with 'hd' as shown here:

An easy way to save a text copy of a drive's MBR or VBR sectors makes use of the BASH shell's redirection symbol: > (which was also ported into MS- and IBM-DOS long ago). This will redirect the output of hexdump from the display into a file; which could then be viewed later or emailed elsewhere. To save a text display of only the MBR sector's contents using hexdump, enter:

This command uses "-n" followed by 512 to save a display of only the first 512 bytes of /dev/sda to a text file. See Figure 15 below for this and the other useful options/switches of hexdump. (Note for Windows users: Linux does not use extensions for file types! We added '.txt' to the filename for those who will copy it to a Windows PC. We could just as easily use no extension at all, or even end this file with '.exe' and Linux could care less! The following screenshot shows the Linux command file in use; enter man file for more information on using it, which proves Linux knows this is an ASCII file; no matter what you name it:

Figure 14.)

Figure 15.

Now we'll save a view of the VBR and its next 15 sectors (512 x 16 = 8192 bytes) to a text file:

Before continuing, we recommend you practice copying files from the ubuntu user's home directory (/home/ubuntu) to your USB drive, or emailing them to yourself.

Now that you've had some practice using hexdump in the Linux command line, it's time to save some actual bytes from a disk drive to a file using the dd command. Enter "man dd" to see all its options. The most important part of the dd commands shown below will be "of=". Always double-check this, since it shows where the data will be written to! Next, be sure of how much data you intend to copy: Do not try copying Gigabytes of data without knowing you have the space avilable and the time it will take to copy it. And, yes, you can also use dd to copy a whole drive's contents to another drive!

This first example saves the actual data bytes (not an ASCII view of them!) of the sda drive's first sector to the file "mbrsda.bin" (in the working directory; you can always check that location by first entering: pwd as shown in Figure 16 below):

If you were directed to this page by TheStarman, he most likely asked for a copy of the first 100 sectors of your boot drive. Simply change the count from 1 to 100 and use a different file name:

As mentioned above, you can always use the command pwd to see which directory (folder) you are working in, and you can also use the commands ls (names only) or ls -l to view user accessible folders and files within that directory; you will see some of the saved files from steps above listed here:


Figure 16.

When using the dd command to save 100 sectors of drive data to a file, it's normal (as shown in the red circled area above) for it to display the lines: "100+0 records in / 100+0 records out / 51200 bytes (51 kB) copied," the time to do so being only a fraction of a second and the rate.

Note: Although the file sda100s.bin was saved as the 'root' user, all other users can still view and copy the file, so there will be no problems saving a copy of the file or emailing one to us.

To properly shut down the Linux Live CD, either press the CTRL + ALT + DEL keys at the same time or click the mouse in the Upper-Right corner icon as shown here:


Figure 17.

and a window like this will pop-up:


Figure 18.

When you see the following appear, remove the CD (drive tray should open automatically), close the tray (or put a different CD/DVD in it first) and then press ENTER key:


Figure 19.